Hi
I have been struggling with this for a while . I trying to build pf firewall that acts
as a NAT .
It has two ports whos characteristics are
1. Outside internet port $ExtIF = "ne"
Gets handed its ip address by dhcp server at
192.168.3.1. This all works because you can surf the
internet from this machine.
2. Inside network port $IntIF ="fxpo"
This port has a dhcp server running on it .
Machines on this port can get receive their connection
details via dhcp . This all works machines connected to
this port via a network cable can ping the gateway
address which is 192.168.2.1 and make connection to the
the firewall.
The problem is packets dont seem to route across the firewall.
Please can some read my pf.conf and see if there any mistakes in it and provide me
with some advice.
I have also included a dump from doing sysctl -a
Thank you for your help and assistance .
Best wishes
Simon Batchelor
email [EMAIL PROTECTED]
================================================
pf.conf
================================================
# pf packet filter
#################################################################
## Full filter
#################################################################
# -------------------------------------------------------------------------
# Options:
set timeout { interval 30, frag 10 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 3600 }
set timeout { tcp.closing 120, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set limit { states 20000, frags 5000 }
set optimization aggressive
set block-policy drop
set require-order yes
##########################################################################
# define variables & Setup
ExtIF="ne3"
IntIF="fxp0"
PrivateIPs="192.168.2.0/48"
LocalIPs="127.0.0.1/8" #dont change the ip addresses in here
NoGoIPs="{ 192.168.0.0/16, 172.16.0.0/12, 127.0.0.0/8, 10.0.0.0/8, 0.0.0.0/8,
169.254.0.0/16, 192.0.2.0/24, 204.152.64.0/23, 224.0.0.0/3 }"
# -------------------------------------------------------------------------
# Declare ports
# -------------------------------------------------------------------------
OutTCP="{ 21,22,23,25,43,53,67,68,80,110,123,443,554,871,1214,1863,2401,5050,5999,6667
}"
OutUDP="{ 21,22,23,53,67,68,123 }"
InUDP="{ 53,67,68 }"
InICMP="{ 3,11 }"
OutTracerouteUDP="{ 33434 >< 33525 }"
set loginterface $ExtIF
# -------------------------------------------------------------------------
# Section: SCRUB & Normilize
# Interface: all
# normalize all incoming traffic. Set ttl to 255 to limit possible mapping of
# hosts behind firewall. Also set random-id to help with the same.
# -------------------------------------------------------------------------
scrub on $ExtIF all random-id min-ttl 255 max-mss 1400 fragment reassemble
# -------------------------------------------------------------------------
# -----------------------------------------------------------------------
################ Queueing ##################################
# Use a simple priority queue to prioritize empty (no payload) TCP ACKs,
# which dramatically improves throughput on (asymmetric) links when the
# reverse direction is saturated. The empty ACKs use an insignificant
# part of the bandwidth, but if they get delayed, downloads suffer
# badly, so prioritize them.
# Example: 512/128 kbps ADSL. Download is 50 kB/s. When a concurrent
# upload saturates the uplink, download drops to 7 kB/s. With the
# priority queue below, download drops only to 48 kB/s.
# For a 512/128 kbps ADSL with PPPoE link, using "bandwidth 100Kb"
# is optimal. Some experimentation might be needed to find the best
# value. If it's set too high, the priority queue is not effective, and
# if it's set too low, the available bandwidth is not fully used.
# A good starting point would be real_uplink_bandwidth * .90
# -----------------------------------------------------------------------
altq on $ExtIF priq bandwidth 100Kb queue { ack, bulk }
queue ack priority 7
queue bulk priority 1 priq(default)
# -----------------------------------------------------------------------
# -----------------------------------------------------------------------
# Section: NAT & RDR
# NAT internal IP addresses of range $PrivateIPs to external
# routable IP on external interface
# -----------------------------------------------------------------------
nat on $ExtIF from $PrivateIPs to any -> ($ExtIF)
#nat on $IntIF from $PrivateIPs to any -> ($ExtIF)
# ($ExtIF) the brackets mean that $ExtIF IP can change because of port $ExtIF
# being server as DHCP client of a another device or machine
# -------------------------------------------------------------------------
############################################################################
# Block all incoming and outgoing packets unless they're allowed later.
# +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# prevent spoofing of non-routable addresses
block in quick on $ExtIF from $NoGoIPs to any
block out quick on $ExtIF from any to $NoGoIPs
# Prevent routing of spoof address from the internal netowrk
# block in quick on $IntIF from ! $PrivateIPs to any
# block out quick on $IntIF from any to ! $PrivateIPs
# silently drop broadcasts cable modem noise
block in quick on $ExtIF from any to 255.255.255.255
# Block bad tcp flags from malicious people
block in log quick on $ExtIF proto tcp from any to any flags FUP/FUP
block in log quick on $ExtIF proto tcp from any to any flags SF/SFRA
block in log quick on $ExtIF proto tcp from any to any flags /SAFRU
block in log quick on $ExtIF proto tcp from any to any flags SAFRU/SAFRU
block in log quick on $ExtIF proto tcp from any to any flags SF/SF
block in log quick on $ExtIF proto tcp from any to any flags SR/SR
# block and log everything by default
block return log on $ExtIF all
# block anything coming from source we have no back routes for
# block in from no-route to any
# block and log outgoing packets that don't have our address as source,
# they are either spoofed or something is misconfigured (NAT disabled,
# for instance), we want to be nice and don't send out garbage.
block out log quick on $ExtIF from ! $ExtIF to any
#############################################################################
# -----------------------------------------------------------------------
# Interface: lo0
# Allow loopback to flow freely.
# -----------------------------------------------------------------------
# loopback
antispoof log quick for lo0 inet
pass in quick on lo0 all
pass out quick on lo0 all
# -----------------------------------------------------------------------
# -----------------------------------------------------------------------
# Interface: $IntIF
# Allow internal traffic to flow freely.
# -----------------------------------------------------------------------
# pass in quick on $IntIF all
# pass out quick on $IntIF all
pass in quick on $IntIF from $PrivateIPs to any flags S/SA modulate state
pass out quick on $IntIF inet proto tcp from any to $PrivateIPs port $OutTCP flags
S/SA modulate state
pass out quick on $IntIF inet proto udp from any to $PrivateIPs port $OutUDP keep state
# -----------------------------------------------------------------------
# -----------------------------------------------------------------------
# Interface: $ExtIF
# Allow _internal_ and fw initiated connections from hosts behind NAT to outside
# world.
# -----------------------------------------------------------------------
# [permit only certain services to outside world]
# route ips from lo0 -> $ExtIF
pass out quick on $ExtIF inet proto tcp from $LocalIPs to any port $OutTCP flags S/SA
modulate state
pass out quick on $ExtIF inet proto udp from $LocalIPs to any port $OutUDP keep state
pass out quick on $ExtIF inet proto icmp from $LocalIPs to any keep state
# route ips $ExtIF from $PrivateIPs
pass out quick on $ExtIF inet proto tcp from $PrivateIPs to any port $OutTCP flags
S/SA modulate state
pass out quick on $ExtIF inet proto udp from $PrivateIPs to any port $OutUDP keep state
pass out quick on $ExtIF inet proto icmp from $PrivateIPs to any keep state
pass out quick on $ExtIF inet proto tcp from ($ExtIF) to any port $OutTCP flags S/SA
modulate state
pass out quick on $ExtIF inet proto udp from ($ExtIF) to any port $OutUDP keep state
pass out quick on $ExtIF inet proto icmp from ($ExtIF) to any keep state
# [traceroute to outside world 1st stage: probing...man traceroute(8)]
pass out quick on $ExtIF inet proto udp from any to any port $OutTracerouteUDP keep
state
# [ping to outside world]
pass out quick on $ExtIF inet proto icmp all icmp-type 8 code 0 keep state
# [others require opening high udp ports]
pass out quick on $ExtIF inet proto udp from any to any keep state
######################################################################
##
## Example code block to allow ports in the outside world to be link
## to machines inside the network.
##
######################################################################
# -----------------------------------------------------------------------
# Allow _external_ initiated connections from outside world to hosts behind
# NAT and fw.
# -----------------------------------------------------------------------
# [traceroute to internal host 2nd stage: receiving error code of icmp-type 3
# (destination unreachable) and icmp-type 11 (time exceeded)]
#pass in quick on $ExtIF inet proto icmp from any to any icmp-type $InICMP keep state
###############################################################################
#Routing external ports to specified locations
# pass in quick on $ExtIF proto tcp to 192.168.0.110 port 6699 # WinXM
# pass in quick on $ExtIF proto tcp to 192.168.0.110 port 6699 # WinXM
# for example
###############################################################################
# Lastly antispoof protection
antispoof for $IntIF # input card
antispoof for $ExtIF # output card
================================================
================================================
sysctl.conf
================================================
kern.ostype = OpenBSD
kern.osrelease = 3.3
kern.osrevision = 200305
kern.version = OpenBSD 3.3 (GENERIC) #44: Sat Mar 29 13:22:05 MST 2003
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
kern.maxvnodes = 1310
kern.maxproc = 532
kern.maxfiles = 1772
kern.argmax = 262144
kern.securelevel = 1
kern.hostname = bsdgateway.192.168.3.23
kern.hostid = 0
kern.clockrate = tick = 10000, tickadj = 40, hz = 100, profhz = 1024, stathz = 128
kern.posix1version = 199009
kern.ngroups = 16
kern.job_control = 1
kern.saved_ids = 1
kern.boottime = Sun Mar 21 12:59:16 2004
kern.domainname =
kern.maxpartitions = 16
kern.rawpartition = 2
kern.osversion = GENERIC#44
kern.somaxconn = 128
kern.sominconn = 80
kern.usermount = 0
kern.random = 1949134 1639184 0 76976 40 7857 0 0 0 0 0 0 184303 32673 78003 196537
29976 6678 1346 1765 767 963 1636 2182 5308 5901 8792 10840 15723 15591 19015 27741
5470 9240 11550 3815 0 0 0 0 0 0 0 0 0 0 4 0 0 26079 66686 30758 45041 15739 0 0 0 0
952757 275288 518442 202673 0 0
kern.nosuidcoredump = 1
kern.fsync = 1
kern.sysvmsg = 1
kern.sysvsem = 1
kern.sysvshm = 1
kern.arandom = 879558431
kern.msgbufsize = 8172
kern.malloc.buckets =
16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,65536,131072,262144,524288
kern.malloc.bucket.16 = (calls = 9983 total_allocated = 2048 total_free = 237 elements
= 256 high watermark = 1280 could_free = 0)
kern.malloc.bucket.32 = (calls = 5206 total_allocated = 1408 total_free = 1046
elements = 128 high watermark = 640 could_free = 45)
kern.malloc.bucket.64 = (calls = 10554824 total_allocated = 896 total_free = 91
elements = 64 high watermark = 320 could_free = 0)
kern.malloc.bucket.128 = (calls = 1185475 total_allocated = 416 total_free = 27
elements = 32 high watermark = 160 could_free = 0)
kern.malloc.bucket.256 = (calls = 3613 total_allocated = 544 total_free = 56 elements
= 16 high watermark = 80 could_free = 0)
kern.malloc.bucket.512 = (calls = 1398 total_allocated = 336 total_free = 3 elements =
8 high watermark = 40 could_free = 0)
kern.malloc.bucket.1024 = (calls = 10473537 total_allocated = 268 total_free = 15
elements = 4 high watermark = 20 could_free = 0)
kern.malloc.bucket.2048 = (calls = 64 total_allocated = 24 total_free = 7 elements = 2
high watermark = 10 could_free = 0)
kern.malloc.bucket.4096 = (calls = 79 total_allocated = 36 total_free = 1 elements = 1
high watermark = 5 could_free = 0)
kern.malloc.bucket.8192 = (calls = 30 total_allocated = 12 total_free = 4 elements = 1
high watermark = 5 could_free = 0)
kern.malloc.bucket.16384 = (calls = 46 total_allocated = 2 total_free = 0 elements = 1
high watermark = 5 could_free = 0)
kern.malloc.bucket.32768 = (calls = 33 total_allocated = 18 total_free = 0 elements =
1 high watermark = 5 could_free = 0)
kern.malloc.bucket.65536 = (calls = 0 total_allocated = 0 total_free = 0 elements = 1
high watermark = 5 could_free = 0)
kern.malloc.bucket.131072 = (calls = 0 total_allocated = 0 total_free = 0 elements = 1
high watermark = 5 could_free = 0)
kern.malloc.bucket.262144 = (calls = 0 total_allocated = 0 total_free = 0 elements = 1
high watermark = 5 could_free = 0)
kern.malloc.bucket.524288 = (calls = 0 total_allocated = 0 total_free = 0 elements = 1
high watermark = 5 could_free = 0)
kern.malloc.kmemnames =
free,mbuf,devbuf,debug,pcb,routetbl,,fragtbl,,ifaddr,soopts,sysctl,namei,,ioctlops,,,,,iov,mount,,NFS_req,NFS_mount,NFS_node,vnodes,namecache,UFS_quota,UFS_mount,shm,VM_map,sem,,,VM_pmap,,,,file,file_desc,lockf,proc,subproc,VFS_cluster,,,MFS_node,,,Export_Host,NFS_srvsock,NFS_uid,NFS_daemon,ip_moptions,in_multi,ether_multi,mrt,ISOFS_mount,ISOFS_node,MSDOSFS_mount,MSDOSFS_fat,MSDOSFS_node,ttys,exec,miscfs_mount,,adosfs_mount,,adosfs_anode,,,adosfs_bitmap,EXT2FS_node,,pfkey_data,tdb,xform_data,,pagedep,inodedep,newblk,,,indirdep,,,,,,,,,VM_swap,,,,,RAIDframe_data,UVM_amap,UVM_aobj,,USB,USB_device,USB_HC,,memdesc,,,crypto_data,,IPsec_creds,packet_tags,1394ctl,1394data,,,,,,,,,,ip6_options,NDP,ip6rr,rp_addr,temp
kern.malloc.kmemstat.free = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.mbuf = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.devbuf = (inuse = 532, calls = 1150, memuse = 529K, limblocks =
0, mapblocks = 0, maxused = 531K, limit = 39322K, spare = 0, sizes =
(16,32,64,128,256,512,1024,2048,4096,8192,16384,32768))
kern.malloc.kmemstat.debug = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.pcb = (inuse = 141, calls = 1280, memuse = 16K, limblocks = 0,
mapblocks = 0, maxused = 19K, limit = 39322K, spare = 0, sizes = (16,32,64,256,512))
kern.malloc.kmemstat.routetbl = (inuse = 85, calls = 3935, memuse = 11K, limblocks =
0, mapblocks = 0, maxused = 11K, limit = 39322K, spare = 0, sizes = (16,32,64,128,256))
kern.malloc.kmemstat.fragtbl = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.ifaddr = (inuse = 115, calls = 120, memuse = 23K, limblocks = 0,
mapblocks = 0, maxused = 23K, limit = 39322K, spare = 0, sizes =
(16,32,64,128,256,512))
kern.malloc.kmemstat.soopts = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.sysctl = (inuse = 3, calls = 6, memuse = 2K, limblocks = 0,
mapblocks = 0, maxused = 6K, limit = 39322K, spare = 0, sizes = (16,128,1024,4096))
kern.malloc.kmemstat.namei = (inuse = 0, calls = 10470692, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 5K, limit = 39322K, spare = 0, sizes = (1024))
kern.malloc.kmemstat.ioctlops = (inuse = 0, calls = 2184, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (256,512,1024))
kern.malloc.kmemstat.iov = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.mount = (inuse = 1, calls = 1, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (512))
kern.malloc.kmemstat.NFS_req = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.NFS_mount = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.NFS_node = (inuse = 1, calls = 1, memuse = 4K, limblocks = 0,
mapblocks = 0, maxused = 4K, limit = 39322K, spare = 0, sizes = (4096))
kern.malloc.kmemstat.vnodes = (inuse = 63, calls = 1267, memuse = 7K, limblocks = 0,
mapblocks = 0, maxused = 44K, limit = 39322K, spare = 0, sizes = (32,128,256))
kern.malloc.kmemstat.namecache = (inuse = 3, calls = 3, memuse = 21K, limblocks = 0,
mapblocks = 0, maxused = 21K, limit = 39322K, spare = 0, sizes = (16,4096,16384))
kern.malloc.kmemstat.UFS_quota = (inuse = 1, calls = 1, memuse = 4K, limblocks = 0,
mapblocks = 0, maxused = 4K, limit = 39322K, spare = 0, sizes = (4096))
kern.malloc.kmemstat.UFS_mount = (inuse = 5, calls = 5, memuse = 30K, limblocks = 0,
mapblocks = 0, maxused = 30K, limit = 39322K, spare = 0, sizes = (512,1024,4096,32768))
kern.malloc.kmemstat.shm = (inuse = 12, calls = 39, memuse = 2K, limblocks = 0,
mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (64,128))
kern.malloc.kmemstat.VM_map = (inuse = 4, calls = 4, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (256))
kern.malloc.kmemstat.sem = (inuse = 2, calls = 2, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (32,64))
kern.malloc.kmemstat.VM_pmap = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.file = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.file_desc = (inuse = 17, calls = 357, memuse = 11K, limblocks =
0, mapblocks = 0, maxused = 11K, limit = 39322K, spare = 0, sizes = (256,512,1024))
kern.malloc.kmemstat.lockf = (inuse = 8, calls = 343814, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (64))
kern.malloc.kmemstat.proc = (inuse = 5, calls = 19, memuse = 2K, limblocks = 0,
mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (16,128,512))
kern.malloc.kmemstat.subproc = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.VFS_cluster = (inuse = 0, calls = 1521, memuse = 0K, limblocks =
0, mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (32,64))
kern.malloc.kmemstat.MFS_node = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.Export_Host = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.NFS_srvsock = (inuse = 2, calls = 2, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (256))
kern.malloc.kmemstat.NFS_uid = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.NFS_daemon = (inuse = 1, calls = 1, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (256))
kern.malloc.kmemstat.ip_moptions = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.in_multi = (inuse = 31, calls = 31, memuse = 2K, limblocks = 0,
mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (16,64))
kern.malloc.kmemstat.ether_multi = (inuse = 8, calls = 8, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (32))
kern.malloc.kmemstat.mrt = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.ISOFS_mount = (inuse = 1, calls = 1, memuse = 4K, limblocks = 0,
mapblocks = 0, maxused = 4K, limit = 39322K, spare = 0, sizes = (4096))
kern.malloc.kmemstat.ISOFS_node = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.MSDOSFS_mount = (inuse = 1, calls = 1, memuse = 2K, limblocks =
0, mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (2048))
kern.malloc.kmemstat.MSDOSFS_fat = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.MSDOSFS_node = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.ttys = (inuse = 336, calls = 336, memuse = 196K, limblocks = 0,
mapblocks = 0, maxused = 196K, limit = 39322K, spare = 0, sizes = (128,256,1024))
kern.malloc.kmemstat.exec = (inuse = 0, calls = 489, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (16,128,1024))
kern.malloc.kmemstat.miscfs_mount = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.adosfs_mount = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.adosfs_anode = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.adosfs_bitmap = (inuse = 0, calls = 0, memuse = 0K, limblocks =
0, mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.EXT2FS_node = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.pfkey_data = (inuse = 1, calls = 2, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (64))
kern.malloc.kmemstat.tdb = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.xform_data = (inuse = 0, calls = 14, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (16,32))
kern.malloc.kmemstat.pagedep = (inuse = 1, calls = 1, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (1024))
kern.malloc.kmemstat.inodedep = (inuse = 1, calls = 1, memuse = 4K, limblocks = 0,
mapblocks = 0, maxused = 4K, limit = 39322K, spare = 0, sizes = (4096))
kern.malloc.kmemstat.newblk = (inuse = 1, calls = 1, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (256))
kern.malloc.kmemstat.indirdep = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.VM_swap = (inuse = 5, calls = 5, memuse = 3K, limblocks = 0,
mapblocks = 0, maxused = 3K, limit = 39322K, spare = 0, sizes = (16,32,2048))
kern.malloc.kmemstat.RAIDframe_data = (inuse = 0, calls = 0, memuse = 0K, limblocks =
0, mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.UVM_amap = (inuse = 3038, calls = 23222, memuse = 568K, limblocks
= 0, mapblocks = 0, maxused = 655K, limit = 39322K, spare = 0, sizes =
(16,32,64,128,256,512,1024,2048,4096,8192,16384,32768))
kern.malloc.kmemstat.UVM_aobj = (inuse = 10, calls = 24, memuse = 3K, limblocks = 0,
mapblocks = 0, maxused = 3K, limit = 39322K, spare = 0, sizes = (16,128,256,1024))
kern.malloc.kmemstat.USB = (inuse = 15, calls = 15, memuse = 2K, limblocks = 0,
mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (16,32,64,128,256))
kern.malloc.kmemstat.USB_device = (inuse = 4, calls = 4, memuse = 2K, limblocks = 0,
mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (128,512))
kern.malloc.kmemstat.USB_HC = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.memdesc = (inuse = 1, calls = 16, memuse = 4K, limblocks = 0,
mapblocks = 0, maxused = 8K, limit = 39322K, spare = 0, sizes = (32,4096))
kern.malloc.kmemstat.crypto_data = (inuse = 1, calls = 1, memuse = 1K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (1024))
kern.malloc.kmemstat.IPsec_creds = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.packet_tags = (inuse = 0, calls = 1, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 1K, limit = 39322K, spare = 0, sizes = (16))
kern.malloc.kmemstat.1394ctl = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.1394data = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.ip6_options = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.NDP = (inuse = 26, calls = 28, memuse = 2K, limblocks = 0,
mapblocks = 0, maxused = 2K, limit = 39322K, spare = 0, sizes = (64,128))
kern.malloc.kmemstat.ip6rr = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.rp_addr = (inuse = 0, calls = 0, memuse = 0K, limblocks = 0,
mapblocks = 0, maxused = 0K, limit = 39322K, spare = 0, sizes = (none))
kern.malloc.kmemstat.temp = (inuse = 39, calls = 11383686, memuse = 6K, limblocks = 0,
mapblocks = 0, maxused = 6K, limit = 39322K, spare = 0, sizes = (16,32,64,128,4096))
kern.cp_time = 455771,0,134687,2251,2742916
kern.nchstats.good_hits = 56638124
kern.nchstats.negative_hits = 8384
kern.nchstats.bad_hits = 268
kern.nchstats.false_hits = 797
kern.nchstats.misses = 12338
kern.nchstats.long_names = 224
kern.nchstats.pass2 = 3639
kern.nchstats.2passes = 5779
kern.forkstat.forks = 693
kern.forkstat.vforks = 6
kern.forkstat.rforks = 0
kern.forkstat.kthreads = 7
kern.forkstat.fork_pages = 63330
kern.forkstat.vfork_pages = 86
kern.forkstat.rfork_pages = 0
kern.forkstat.kthread_pages = 0
kern.nselcoll = 0
kern.tty.tk_nin = 304705
kern.tty.tk_nout = 3864255
kern.tty.tk_rawcc = 234141
kern.tty.tk_cancc = 70564
kern.ccpu = 1948
kern.fscale = 2048
kern.nprocs = 63
kern.stackgap_random = 1024
kern.usercrypto = 1
kern.cryptodevallowsoft = 0
kern.splassert = 0
kern.nfiles = 356
kern.ttycount = 56
kern.numvnodes = 1553
kern.userasymcrypto = 1
kern.seminfo.semmni = 10
kern.seminfo.semmns = 60
kern.seminfo.semmnu = 30
kern.seminfo.semmsl = 60
kern.seminfo.semopm = 100
kern.seminfo.semume = 10
kern.seminfo.semusz = 100
kern.seminfo.semvmx = 32767
kern.seminfo.semaem = 16384
kern.shminfo.shmmax = 8388608
kern.shminfo.shmmin = 1
kern.shminfo.shmmni = 32
kern.shminfo.shmseg = 8
kern.shminfo.shmall = 2048
vm.loadavg = 0.34 0.46 0.37
vm.psstrings = 0xcfbfdff0
vm.swapencrypt.enable = 0
vm.swapencrypt.keyscreated = 0
vm.swapencrypt.keysdeleted = 0
vm.nkmempages = 16384
vm.anonmin = 10
vm.vtextmin = 5
vm.vnodemin = 10
fs.posix.setuid = 1
net.inet.ip.forwarding = 1
net.inet.ip.redirect = 1
net.inet.ip.ttl = 64
net.inet.ip.sourceroute = 0
net.inet.ip.directed-broadcast = 0
net.inet.ip.portfirst = 1024
net.inet.ip.portlast = 49151
net.inet.ip.porthifirst = 49152
net.inet.ip.porthilast = 65535
net.inet.ip.maxqueue = 300
net.inet.ip.encdebug = 0
net.inet.ip.ipsec-expire-acquire = 30
net.inet.ip.ipsec-invalid-life = 60
net.inet.ip.ipsec-pfs = 1
net.inet.ip.ipsec-soft-allocs = 0
net.inet.ip.ipsec-allocs = 0
net.inet.ip.ipsec-soft-bytes = 0
net.inet.ip.ipsec-bytes = 0
net.inet.ip.ipsec-timeout = 86400
net.inet.ip.ipsec-soft-timeout = 80000
net.inet.ip.ipsec-soft-firstuse = 3600
net.inet.ip.ipsec-firstuse = 7200
net.inet.ip.ipsec-enc-alg = aes
net.inet.ip.ipsec-auth-alg = hmac-sha1
net.inet.ip.mtudisc = 1
net.inet.ip.mtudisctimeout = 600
net.inet.ip.ipsec-comp-alg = deflate
net.inet.icmp.maskrepl = 0
net.inet.icmp.bmcastecho = 0
net.inet.icmp.errppslimit = 100
net.inet.icmp.rediraccept = 1
net.inet.icmp.redirtimeout = 600
net.inet.icmp.tstamprepl = 1
net.inet.ipip.allow = 0
net.inet.tcp.rfc1323 = 1
net.inet.tcp.keepinittime = 150
net.inet.tcp.keepidle = 14400
net.inet.tcp.keepintvl = 150
net.inet.tcp.slowhz = 2
net.inet.tcp.baddynamic = 587,749,750,751,760,761,871
net.inet.tcp.recvspace = 16384
net.inet.tcp.sendspace = 16384
net.inet.tcp.sack = 1
net.inet.tcp.mssdflt = 512
net.inet.tcp.rstppslimit = 100
net.inet.tcp.ackonpush = 0
net.inet.tcp.ecn = 0
net.inet.udp.checksum = 1
net.inet.udp.baddynamic = 587,749
net.inet.udp.recvspace = 41600
net.inet.udp.sendspace = 9216
net.inet.gre.allow = 0
net.inet.gre.wccp = 0
net.inet.esp.enable = 1
net.inet.ah.enable = 1
net.inet.mobileip.allow = 0
net.inet.etherip.allow = 0
net.inet.ipcomp.enable = 0
net.inet6.ip6.forwarding = 0
net.inet6.ip6.redirect = 1
net.inet6.ip6.hlim = 64
net.inet6.ip6.maxfragpackets = 200
net.inet6.ip6.accept_rtadv = 0
net.inet6.ip6.keepfaith = 0
net.inet6.ip6.log_interval = 5
net.inet6.ip6.hdrnestlimit = 50
net.inet6.ip6.dad_count = 1
net.inet6.ip6.auto_flowlabel = 1
net.inet6.ip6.defmcasthlim = 1
net.inet6.ip6.kame_version = OpenBSD-current
net.inet6.ip6.use_deprecated = 1
net.inet6.ip6.rr_prune = 5
net.inet6.ip6.v6only = 1
net.inet6.ip6.maxfrags = 200
net.inet6.icmp6.rediraccept = 1
net.inet6.icmp6.redirtimeout = 600
net.inet6.icmp6.nd6_prune = 1
net.inet6.icmp6.nd6_delay = 5
net.inet6.icmp6.nd6_umaxtries = 3
net.inet6.icmp6.nd6_mmaxtries = 3
net.inet6.icmp6.nd6_useloopback = 1
net.inet6.icmp6.nodeinfo = 1
net.inet6.icmp6.errppslimit = 100
net.inet6.icmp6.nd6_maxnudhint = 0
net.inet6.icmp6.mtudisc_hiwat = 1280
net.inet6.icmp6.mtudisc_lowat = 256
net.inet6.icmp6.nd6_debug = 0
hw.machine = i386
hw.model = Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache)
hw.ncpu = 1
hw.byteorder = 1234
hw.physmem = 335130624
hw.usermem = 334614528
hw.pagesize = 4096
hw.disknames = wd0,fd0
hw.diskcount = 2
machdep.console_device = ttyC0
machdep.bios.diskinfo.0 = bootdev = 0xa0000202, cylinders = 80, heads = 2, sectors = 18
machdep.bios.diskinfo.128 = bootdev = 0xa0000200, cylinders = 831, heads = 240,
sectors = 63
machdep.bios.cksumlen = 1
machdep.allowaperture = 2
machdep.cpuvendor = GenuineIntel
machdep.cpuid = 1618
machdep.cpufeature = 25426431
machdep.apmwarn = 10
machdep.kbdreset = 0
machdep.apmhalt = 0
user.cs_path = /usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin
user.bc_base_max = 2147483647
user.bc_dim_max = 65535
user.bc_scale_max = 2147483647
user.bc_string_max = 2147483647
user.coll_weights_max = 2
user.expr_nest_max = 32
user.line_max = 2048
user.re_dup_max = 255
user.posix2_version = 199212
user.posix2_c_bind = 0
user.posix2_c_dev = 0
user.posix2_char_term = 0
user.posix2_fort_dev = 0
user.posix2_fort_run = 0
user.posix2_localedef = 0
user.posix2_sw_dev = 0
user.posix2_upe = 0
user.stream_max = 20
user.tzname_max = 255
ddb.radix = 16
ddb.max_width = 80
ddb.max_line = 24
ddb.tab_stop_width = 8
ddb.panic = 1
ddb.console = 0
vfs.mounts.ffs has 1 mounted instance
vfs.ffs.doclusterread = 1
vfs.ffs.doclusterwrite = 1
vfs.ffs.doreallocblks = 1
vfs.ffs.doasyncfree = 1
vfs.ffs.max_softdeps = 10480
vfs.ffs.sd_tickdelay = 2
vfs.ffs.sd_worklist_push = 0
vfs.ffs.sd_blk_limit_push = 0
vfs.ffs.sd_ino_limit_push = 0
vfs.ffs.sd_blk_limit_hit = 0
vfs.ffs.sd_ino_limit_hit = 0
vfs.ffs.sd_sync_limit_hit = 0
vfs.ffs.sd_indir_blk_ptrs = 0
vfs.ffs.sd_inode_bitmap = 0
vfs.ffs.sd_direct_blk_ptrs = 0
vfs.ffs.sd_dir_entry = 0
vfs.nfs.iothreads = -1
================================================
____________________________________________________________
Find what you are looking for with the Lycos Yellow Pages
http://r.lycos.com/r/yp_emailfooter/http://yellowpages.lycos.com/default.asp?SRC=lycos10
